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(54) A terminal-based service Identification mechanism 



(57) A terminal-based service identification method 
for a wireless qell-based communication system (300) 
that i ncludes a home domain cell and at least one visitor 
domain cell A roaming wireless subscriber terminal is 
assigned to the home domain cell and roams Into a vis- 
itor cell (370). The method includes the steps of storing 
authorization data in the roaming wireless subscriber 
terminal to allow the roaming wireless subscriber termi- 
nal to operate in the visitor domain cell; transmitting the 
authorization data from the roaming wireless subscriber 



terminal to a server (420) in the visitor cell (370). The 
server receives the authorization data from the roaming 
wireless subscriber terminal and authorizes a service to 
be provided to the roaming wireless subscriber terminal 
in the visitor coll (370) in reeponee to the authorization 



This provides the advantages that signalling be- 
tween the home domain and the visited domain is min- 
imized whilst enabling a user to be dynamically author- 
ized to use services or levels of service within the com- 
munication system (300). 
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Description 

Field of the Invention 

[0001] This Invention relates to dynamic user author- s 
Ization in a wireless cell-based communication system. 
The invention is applicable to, but not limited to, a ter- 
minal-baeod ocrvbo identification and modification 
mechanism to access a service or level of service in 
such a system. w 

Background of the Invention 

[0002] Wireless communication systems, for example 
™iliilar telephony or private mobile radio communlea- is 
tion systems, typically provide for radio telecommunica- 
tion links to be arranged between a plurality of base 
transceiver stalions (BTSs) and a plurality of subscriber 
units, often termed mobile stations (MSs). 
[0003] Wireless communication systems are distin- so 
guished over fixed communication systems, such as the 
public switched telephone network (PSTN), principally 
in that mobile stations move between BTS (and/or dif- 
ferent service providers) and, in doing so, encounter 
varying radio propagation environments. 25 
[0004] in a wireless communication system, each 
BTS has associated with it a particular geographical 
coverage area (or cell). A particular range defines the 
coverage area where the BTS can maintain acceptable 
communications with MSs operating within its serving 30 
cell. A subscriber unit registers with a particular cell 
(BTS), whenever roaming into (entering) a cell, so that 
calls can be routed to/from the subscribe! unit. The net- 
work will assign a "home" cell to the subscriber unit, 
where the subscriber unit typically operates. The home 35 
cell then routes any calls, user prof iies, preferences, etc. 
to any cell visited by the subscriber unit. Often these 
cells combine to produce an extensive coverage area, 
[0005] Present day communication systems, both 
wlrsleee andwiralino, have- a requirement to transfer da- ■*<> 
ta between communications units. Data, in this context, 
includes signalling information and traffic such as video 
and speech communication. Such data transfer needs 
to be effectively and efficiently provided for, In order to 
optimise use of limited communication resources. « 
[0006] Following the revolution in wireless (mobile) In- 
ternet arsiRSR. nfiw services and features aro required 
to be supported by UEs. One such communication serv- 
ice relates to the authentication of the user, authorisa- 
tion forthe specific services or quality of service that ihe so 
user requests and accounting tor the usage of the com- 
munication resource/service by the UE, commonly re- 
ferred to as "AAA" functions. 

[DO07] Communication systems are now being pre- 
pared according to a third generation of standards, ss 
Among 3 rd generation cellular standards are systems, 
such as the UMTS 3GPP and 3GPP2 standards of the 
EuropoanTolocommunioationc Standards Institute (ET- 



Sl) and the International Mobile Telecommunicatlons- 
2000 (IMT-2000) standards, utilise communication pro- 
tocols that support some Internet protocois and include 
AAA functions 

[0008] The preferred embodiment of the present In- 
vention is described with reference to the Third Gener- 
ation Partnership Project (3GPP) defining portions of 
me universal Mobile Telecommunication Standard 
(UMTS), Including the time division duplex (TD-CDMA) 
mode of operation. In UMTS parlance, a BTS is referred 
to as a Node B, and subscriber equipment is referred to 
as user equipment (UE). With the rapid development of 
services provided to users in the wireless communica- 
tion arena, UEs encompass many forms of communica- 
tion devices, from cellulai phones or radios, through per- 
sonal data accessories (PDAs) and MP-3 players to 
wireless video units and wireless Internet units. 
[0009] The memorandum published by the internet 
Engineering Task Force organisation N° RFC2904 dat- 
ed August 2000 entitled "AAA Authorization framework" 
presents the basic conceptual entitles that may be al- 
lowed ae participants in an authorization: 

(i) A User who wants access to a service or re- 
source; 

(ii) A User Home Organization that has an agree- 
ment with the user and checks whether the user Is 
allowed to obtain the requested service or resource, 
This entity may carry information required to author- 
ize the User, which might not be known to the Serv- 
ice Provider (such as a credit limit); 

(lii) A Service Provider's AAA Server, which author- 
izes aservice based on an agreement with the User 
Home Organisation without specific knowledge 
about the individual User, This agreement may con- 
tain elements that are not relevant to an individual 
user (e.g., the total agreed bandwidth between the 
User Home Organization and the Service Provider); 
and 

(lv) A Service PiuvMui'b Service Equipment, wnich 
provides the service itself. 

[0O1O] The existing Internet protocols are designed 
primarily to provide AAA functionality for wireline-based 
networks. Hence, the protocols are not well suited to 
wireless communication networks, particularly in serv- 
icing roaming mobile telephone/radio users. TIG. 1 of 
the accompanying drawings Illustrates a known mech- 
anism for providing wireless Internet access 100 to a 
roaming user 110. The roaming user 110 has been as- 
signed to a home network 1 50 that includes a home AAA 
service provider 155. The roaming user 110 is shown as 
having roamed into a visited network 120, and needs to 
communicate through an AAA client 130 (for nvampln 
an access router). A local AAA server 1 25 in the visited 
network 120 supports the AAA client. 
[001 1 ] It is known to perform AAA functions according 
to schemes In which both authentication unit uutliutisa- 
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ton require two-way communication between the Home 
AAA server 155 and the visited AAA server 125. The 
process for providing authentication and authorisation 
requires the roaming user 110 to provide its credentials 
to the local AAA client 175. The local AAA client 175 
forwards the credentials to the local AAA server (AAAL, 
visited network AAA authority) 125 for authentication 
purposes. 

[0012] The AAAL 125 recognizes that it is unable to 
auth enticate that use r, as the roaming user 1 1 0 does not 
belong to the domain that the AAAL 125 serves. The 
AAAL server 125 then forwards the credentials to the 
home network AAA server (AAAH) 155 over the Internet 
140 for authentication purposes. The AAAH server 1 55 
authenticates the credentials and cande a validation 
message to the AAAL server 1 25 in the visited network 
120 The AAAL server 125 then forwards the authenti- 
cation validation to the AAA client 175, and the roaming 
usef 110 is then granted access to the visited network 
120. 

[0013] Unfortunately, such messaging between the 
roaming us«r 110, the local AAA servor 125 and rtfi 
home AAA authority 155 is not limited to happening only 
in the initial authentication request when a roaming user 
1 1 0 roams into a visited network 120. For example, the 
AAAH server 155 is also involved for subsequent au- 
thorization requests, whereby the AAAL server 125 
must make sure that it is correctly paid for the service 
requested by the roaming user 11 0. In this case, the in- 
ter-domain communication Involves the AAAH 155, 
which knows the traffic profile subscribed by the roam- 
ing user 110. 

[0014] Furthermore, such inter-domain communica- 
tion Is invoked for any authorization request for a spe- 
cific service. Additionally, inter-domain communication 
is invoked for any authentication request that the AAAL 
server 125 may send to the roaming user 110. These 
supplementary authentication requests are likely to oc- 
cur either periodically, or when the user req uests access 
to a particular oorvbc. 

[0015] The three distinct mechanisms described for 
Authorization (Agent Sequence, Push Sequence, Pull 
Sequence) in the above-mentioned memorandum N" 
RFC2904 all involve two-way communication with the 
AAAH 155. The memorandum entitled "AAA Local Se- 
curity Association (LSA): The Temporary Shared Key 
(TSK)° , published July 2001 by the Internet Engineering 
Task Force organisation, describes a mechanism to set 
up a Local Security Association {LSA) between a user 
and the visited network when the user is roaming. How- 
ever, this proposal only provides the AAAH with the abil- 
ity to delegate Its authentication capability after it has 
already first authenticated the mobile user. 
[0016] It will be appreciated that lono, delays mav oc- 
cur in the case of a roaming mobile userfor authentica- 
tion and/or authorization Involving two-way communica- 
tion [round-trip exchanges) with the home AAA server 
155. This is eapeclaily the case when the visited network 



120 Is geographically remote from the home network, 
and the round-trip exchanges of AAA messages may 
represent a substantial communication overhead that is 
particularly unsatisfactory in the case of wireless com- 

s munlcatJons. 

[0017] The inventors of the present invention have 
recognised that the cu rrent solutions to w Ireless I nte m et 
access for a roaming user, particularly In supporting 
AAA functionality, are focused on network-based proc- 

fO esses. All the known solutions attempt to connect the 
visited network with an information base, either local or 
remote, to retrieve the user information. For example, a 
management Information base (MIB) based solution re- 
quires all the visited domains to contact explicitly to the 

M MSB to authenticate each visiting user's nr»rientl»lR/ 
rights. Moreover, a MIB-based solution is slatically con- 
figured and fails to adequately address the dynamic 
needs of a roaming user. The same comments apply 
equally to a policy information base (RIB) based soiu- 

20 tlon, which can be considered as an MIB with different 
object-oriented structure. 

[0018] A straightforward solution may be to establish 
a direct connection between the AAAL server 125 and 
the AAAH server 155. However, such a solution means 

25 that for each time a roaming user 110 moves to a new 
domain, there should be a communication between the 
AAAL server 1 25 and the AAAH server 1 55. 
[0019] Furthermore, for dynamic changes of a user's 
service profile the only solution that currently exists Is 

30 that the AAAH server 155 contacts the visited AAAL 
server 125 to update the user's Information. A concep- 
tual Illustration of this is shown in FIG. 2. FIG. 2 Illus- 
trates the network communicallon £00 required to facil- 
itate different operators, having differing administrative 

35 domains that provide differing services and levels of 
services. Three domains 220, 230, 240 are shown, with 
respective services 225, 235, 246 supported by each. 
Each service 225, 235, 245 has assigned to It multiple 
service leveb 228 (shown only In relation to service da- 

40 tabaco 226 for olarity purpoeoe). 

[0020] The Inventors of the present invention have al- 
so recognised that the communication of such service 
or service level Information 21 0 between the domains is 
a very i n efficient mechanism that uses valuable commu- 

■*s nication resources. Addilionaily, it is a mechanism that 
is not readily scalable, and therefore causes both a high 
nelwnrk loud n» wall bs a high AAAH load 
[0021] A need therefore exists lor an Improved serv- 
ice identification mechanism, preferably a termlnal- 

so based service identification mechanism, and a mecha- 
nism for supporting dynamic modification of service pro- 
files, wherein the abovementioned disadvantages asso- 
ciated with prior art mechanisms may be alleviated. 

55 Statement of Invention 

[0022] In accordance with a first aspect of the present 

Invention there is provided a terminal-baaed service 
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identification rnethud, as claimed in claim 1 . 
[0023] In accordance with a second aspect of the 
present invention there is provided a terminal-based 
service modification method, as claimed In claim 10. 
[0024] InaccDrdancewlthatnlrdaspectotthepresent s 
invention there is provided a wireless subscriber termi- 
nal, as claimed in claim 15. 

[002S] tn accordance with a fourth aspeU uf the 
present Invention, there is provided a serverfor a cell of 
a wireless cell-based communication system, as 10 
claimed in ciaim 22. 

[0026] In accordance with a fifth aspect of the present 
invention, there is provided a database, as claimed in 
claim 28. 

[00373 ln accordanco with a sixth aepect of the »s 
present invention, there Is provided a wireless commu- 
nication unit, as claimed In claim 29. 
[0028] In accordance with a seventh aspect of the 
present Invention, there is provided a wireless commu- 
nication unit, as claimed in claim 30. so 
[0029] In accordance with an eighth aspect of the 
present invention there is provided a storage medium 
system, as claimed in claim 31 . 
[0030] in accordance with a ninth aspect of the 
present invention, there is provided a wireless commu- ss 
nlcatlon system, as claimed in claim 32. 
[0031 ] Further aspects of the present invention are as 
claimed In the dependent claims. 
[0032] In summary, the Inventive concepts of the 
present invention provide for a mechanism to enhance 30 
the authorization capabilities of a server, for example an 
AAA server, by providing a service profiles database on 
the server that is based un a plurality of servers service 
profiles. A roaming wireless subscriber terminal con- 
tains a service profile indicator. The roaming wireless 35 
subscriber terminal transmits the service profile indica- 
tor to the visited server, where it is mapped against the 
service profiles database to determine a service or level 
of service to be provided to the roaming wireless sub- 
scriber unit. 40 
[0033] In this manner, there is no need for the visited 
cell to communicate with the roaming wireless subscrb- 
er unit's home cell to determine the service or level of 
service to be provided, thereby avoiding substantial in- 
ter-cell communication. 45 
[0034] Furthermore, a mechanism for a terminal to 
modify its service profile ie described, whereby the mod 
ified service profile can be authenticated and authorized 
by a server in a visited communication cell. 

so 

Brief Description or the Drawings 

[0035] FIG. 1 illustrates a known mechanism for pro- 
viding wireless internet access to a roaming user. 
[0036] FIG. 2 Illustrates a known communication net- ss 
work arrangement required to facilitate different opera- 
tors, having differing administrative domains that pro- 
vido differing services and/or level* of services. 



[0037] Exemplary embodiments of the present inven- 
tion wili now be described, with reference to the accom- 
panying drawings, in which: 

FIG. 3 illustrates a domain-based 3GPP communi- 
cation system, adapted to support the inventive 
concepts of a preferred embodiment ol the present 
Invention. 

FIG. 4 Illustrates a mechanism for dynamically pro- 
viding service profiles In aecordfinne with a pre- 
ferred embodiment of the present inventions 

FIG. 5 shows a wireless communication unit (UE) 
adapted lu employ the inventive concepts of the 
preferred embodiment of the invention. 

FIG. 6 illustrates a mechanism for dynamically mod- 
ifying service profiles in accordance with a preferred 
embodiment of the present invention, 

Description of Preferred Embodiment* 

[0030] Referring first to FIG. 3, a UMTS communica- 
tion system/network 300, in a hierarchical form, is 
shown. The communication system 300 is compliant 
with, and contains network elements capable of operat- 
ing over, a UMTS and/or a general packet radio system 
(GPRS) air-interfaco. In particular, the invention relates 
to the Third Generation Partnership Project (3GPP) 
specification for wide-band code-division multiple ac- 
cess (WCDMA) standard relating to the home network/ 
serving network Interface (described In the 3G TS 
25joo< series of specifications), 
[0030] The network is conveniently considered as 
comprising: a usBr equipment domain 31 n. made up of 
a user subscriber identity module (USSM) domain 320 
and a mobile equipment domain 330; and an infrastruc- 
ture domain 340, made up of an access network domain 
350, and a core networtc domain 360, which is In turn 
made up of a serving network domain 370, a transit net- 
work domain 380 and a home network domain 390. 
[0040] In the mobile equipment domain 330, a user 
equipment (UE) 330A receives data from a user SIM 
320A in the USSM domain 320 via the wired C u Interface. 
The UE 330A communicates data with a Node B 350A 
In the network access domain 350 via the wireless U u 
Interface. Within the network access domain 350, the 
NodeBs350Acontainoneor more transceiver units and 
communicate with the rest of the cell-based system In- 
frastructure, for example radio network controller (RNC) 
360B, via an l ub interface, as defined in the UMTS spec- 
ification. 

[0041] Thfl RNC flSOB communicates with other 
RNCs (not shown) via the l ur interface. The RNC 350B 
communicates wilh a serving GPRS support node (SG- 
SN) 370A In the serving network domain 370 via the l H 
Intel ftauu. Within the serving networK domain 370, the 
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SGSN 370 A communicates with a gateway GPHS sup- 
port node (GGSN) 370B via the G n interface, and the 
SGSN 370A commu nfcates with a visitor location regis- 
ter (VLR) server 37DC via the G B interface. The SGSN 
370A communicates with a home location register 
(HLR) server (190A) in the home network domain 390 
via the Z u Interface. The GGSN 370B communicates 
with purjllc data network In the transit network Uumahi 
380 via the Y u interface. 

[0042] The GGSN 370B (and/or SGSN) is responsi- 
ble for UMTS (or GPRS) interfacing with a Public 
Switched Data Network fPSDN) 380Asuch as the Inter- 
net or a Public Switched Telephone Network (PSTN). 
The SGSN370A performs a routing and tunnelling func- 
tion for traffic within say, a UMTS core network, whilst a 
GGSN 370B links to external packet networks, In this 
case ones accessing the UMTS mode of the system. 
[0043] Thus, the elements RNC 350B, SGSN 370A 
and GGSN 3703 are conventionally provided as dis- 
crete and separate units (on their own respective soft- 
ware/hardware platforms) divided across the access 
network domain 350 and the serving network domain 
370. 

[0044] The RNC 350B is the UMTS terrestrial radio 
access network (UTRAN) element responsible for the 
control and allocation ot resources tor numerous Node 
Bs 350A; typically 50 to 1 00 Node Bs may be controlled 
by one RNC 350B. The RNC 350B also provides reliable 
delivery of user traffic over th e air Interfaces . RNCs com- 
m u nlcate with each other (via the i ur interface) to support 
handover and macro-diversity. 

[D045] The GGSN 370B is the UMTS Core Network 
elemeni responsive lot eunCBMtiallriy and tunnelling 
user data within the core packet network to the ultimate 
destination (e.g., an Internet service provider (ISP)), 
[0046] The SGSN 370A is the UMTS Core Network 
element responsible for Session Control and Interface 
to the Location Registers (HLR and VLR). The SGSN is 
a large centralised controller for many RNCs. In accord- 
ance with the preferred embodiment of the prooont in 
vention, the SGSN 37QA, together with one armors VLR 
server 370C and HLR server (390A), has been adapted 
to support the inventive concepts herein described and 
reduce the amount of signalling passed across the G 5 
and G n interlaces. The operation of the SGSN 370A, 
VLR server 370C and HLR server (390A) according to 
the preferred embodiment of the present invention are 

further described with respect to FIG. 4. 
[0047] Furthermore, In the preferred embodiment of 
the invention, at least one UE 330A has been adapted 
to store, process and transmit a dynamic service profile 
( SP) Indicator relating to AAA messages to a VLR server 
370C. The UE 330A according to the preferred embod- 
iment of the present Invention is further described with 
respect to FIG. 5 and FIG 6.The roaming wireless sub- 
scribertermlnal transmits the service profile indicatorto 
the visited server, where it is mapped against a service 

profiles database of a server of a visited cell to deter- 



mine a service or level of service tu be psuvideci to the 
roaming wireless subscriber unit. 
[0048] In this manner, there is no need for the visited 
cell to communicate with the roaming wireless subscrlb- 
s er unit's home cell to determine the service or level of 
service to be provided, thereby avoiding substantial in- 
ter-cell communication. 

[0049] Furthermore, a mechanism for a terminal to 
modify its service profile is described, whereby the mod- 
10 ified service profile can be authenticated and authorized 
by a server in a visited communication cell, 
[00S0] In addition , at least one Node B 350A and RNC 
350B have been adapted, to facilitate reception and 
processing of such a dynamic SP indicator relating to 
>s AAA rnoeeagoG. 

[0051 ] More generally, the above adaptations may be 
implemented in the respective communication units in 
any suitable manner. For example, new apparatus may 
be added to a conventional communication unit, oral- 
is ternatively existing parts of a conventional commu nica- 
tion unit may be adapted, for example by reprogram- 
mlng one or mnro prncfwisnrE therein. As such, the re- 
quired adaptation may be implemented in the form of 
processor-implementable instructions stored on a stor- 
25 age medium, such as a floppy disk, hard disk, PROM, 
RAM or any combination of these or other storage mul- 
timedia. 

[0052] In thecaseofothernetworkinfrastructures, im- 
plementation of the processing operations may be per- 

30 formed at any appropriate node such as any other ap- 
propriate type of base station, base station controller, 
GGSN, mobile switching centre (MSC), etc, Alternative- 
ly, the aforementioned steps may be carried out by var- 
ious components distributed at different locations or en- 

35 tlties within any suitable network or system, 

[0053] Referring now to FIG. 4, a mechanism 400 for 
dynamically providing service profiles is illustrated, In 
accordance with a preferred embodiment of the present 
invention. In summary, the preferred mechanism en- 

*o hanooo the authorization capabilities of an AAA eorvor 
by providing a service profiles database on the AAAL 
420. Additionally a dynamic service profile (SP) indica- 
tor Is provided In the UE 330A that has roamed Into the 
communication cell served by the AAAL 420. 

45 [0054} It is assumed that the AAAH of the HLR 390A 
and the AAAL 420 of the VLR 370A have a relationship 
that aOows the AAAL d20 to maintain Information about 
other AAA servers, for example: 

so (i) The AAAH service level specification (SLS) for 
each service provided by the visiting cell; 
(li) The AAAH SP Initialisation parameters of one or 
moreUEs; and 

(Hi) The AAAH users authentication data. 

55 

[0055] Furthermore, It is assumed that the AAAH will 
configure each of its (home-aselgned) users lo maintain 
any appropriate Information/data corresponding to the 
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relations! lip with other AAA servers. II Is envisaged that 
such data may relate, for example, to services or levels 
of services provided at particular times of day. It is also 
envisaged that such Information may be associated to 
a clock of a pseudo random number generator (PRNQ) s 
of the AAA server to authenticate the user and authorise 
the user with the SP that is indicated by the user, 
[0056] In operation, a UE 330A muves from Its home 
domain to another (visited) domain. The AAAL server 
420 of the visited domain transmits an AAA request 425 io 
to the UE 330A, to ascertain whether and, if so, what 
services or levels of service are avaiiable to the UE 
330 A. 

[0057] The UE 330Atransmits a service request mes- 
sage 430 to tho AAAL server 420, as described in a co- is 
pending EP patent application by the same Applicant, 
designated by the Applicant's ref : CR00545R The serv- 
ice request message 430 includes a UE identifier (ID) 
432, a service profile SP-ID 434 associated with the UE 
330A, a codification signal Si 436 and an authorization 20 
code 438. 

[0058] The AAAL server 420 extracts 410 a eervico 
level (SL) identifier/profile 445 from the SP-ID 434 that 
is transmitted In the service request message 430. The 
AAAL server 420 then matches the extracted SL iden- 2s 
tlfler/prolile 44b with the corresponding SL profile data- 
base 442. In the preferred embodiment of the present 
invention, such extraction and comparison will be effect- 
ed using a number provided by the PRNfi within the 
AAA server, to recover the original SL identifier profile so 
of the UE 330A. 

[0059] Note that the original SL Identifier profile was 
protected by wjmblning it wiih a corresponding number 
generated from the PRNQ In the UE 330A, as also de- 
scribed i n co-pend ing E P patent appl loation by the same as 
Applicant, designated by the Applicant's ref; CR00545P. 
[0060] The AAAL server 420 then maps 450, 460 the 
number given to the SP associated with the AAAH of 
that UE 330A and determines 470 the service or level 
of oorvlce 465 that can be provided to, and charged ful, *> 
that particular profile of the UE 330A. The AAAL server 
420 then authorizes 480 the UE 330A for the corre- 
spondent service or level of service. 
[0061] Preferably, each member AAA server shares 
with other AAA servers a service mapper 450, which « 
maps a service profile identifier from the UE 330A, for 
example a one-byio codo 460, with a corresponding 
service profile 465. One example of a service profile of- 
fered to a UE330A could be video streaming at one Mb- 
ps, with a low quality voice communication link. Advan- so 
tageousiy, no consistency is required between different 
mappings of different operators, since each AAA serv- 
er's partner downloads the whole coding associated 
with the server profiles that the server partner offers, 
Furthermore, in accordance with the preferred embodi- ss 
menl of the present Invention, the AAAL server 420 only 
maintains Information about the different service profiles 
that oxist with tho AAAHs with which it has a relation- 



ship. 

[0062] In the preferred embodiment of the present in- 
vention, the local operator has been adapted to decode 
the SP sotting for tho user eoBoion, aa transmitted by 
the UE 330A. The adaptation will preferably take ac- 
count of the SP setting dependent on the PRNG verifi- 
cation. Advantageously, there is no need for the AAAL 
server 420 to store information about each and every 
UE that may potentially roam into its area. This is a sig- 
nificant benefit, which results from the fact that informa- 
tion about the different service l<wels for each foreign 
domain are stored once for all uears that belong to that 
domain. The only information needed to be stored in the 
AAAL server 420 is the SP parameters) of the respec- 
tive AAAH. By implementing a HHNG verification 
scheme, as also described in co-pending EP patent ap- 
plication by the same Applicant, designated by the Ap- 
plicant's ref: CR00545P, it is easy tD authenticate the 
user and authorise him with the SP that he indicates. 
[0063] In the preferred embodiment of the present in- 
vention, the Impact on the home operator/AAAH is thai 
tho individual user configurations are stuiud inside the 
UE 330A, preferably within its SIM card in contrast to 
the AAAH . It is also envisioned that the AAAH may wish 
to modify remotely the SP of a UE if that user wishes to. 
This can be achieved by any number of means, for ex- 
ample over-tfie-air programming (OTAP), as known In 
the art. 

[0064] Rof erring now to FIG. 6, a funotbnal block di- 
agram of a wireless communication unit 330A, for ex- 
ample a UE capable of operating in the 3GPP commu- 
nication system 300, is shown adapted In accordance 
with the inventive concepts of the present Invention . The 
UE 330A contains an antenna 502 coupled to a duplex 
filter, antenna switch or circulator 504 thai provides Iso- 
lation between the receiver chain 540 a nri transmit chai n 
550 within the UE 330A. 

[0065] The receiver chain 540, as known In the art, 
may include scanning and/or switchabie receiver front- 
end circuitry sob (effectively providing reception, filter- 
ing and intermediate or base-band frequency conver- 
sion). The scanning front-end circuit is serially coupled 
to a signal processing function 508. An output from the 
signal processing function 508 may be provided to suit- 
able output devices such as a display screen 510. 
[0066] The receiver chain 540 also includes received 
signal strength indicator (R33I) circuitry 512, wliiuh In 
turn is coupled to a controller 51 4 that operates to main- 
tain overall control of the different functions and mod- 
ules of the UE 330A. The controller 51 4 is also coupled 
to the scanning receiver front-end circuitry 506 and the 
signal processing function SOB (generally realised by at 
least o ne digital signal processor (DSP)). In accordance 
with the prnfftrrfid embodiment of the present Invention, 
the processing function 508 incorporates a pseudo ran- 
dom number generator 530 to assist In the UE verifica- 
tion/authorization process. 

[0087] The controllers! 4 includes forts operabiycou- 
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pied to) a memory element tntnhat stores operating re- 
gSmes, such as decoding/encoding functions and the 
like. Atimer518 Is typically coupled to the control1er514 
to control the timing or operations (transmission or re- 
ception of time-dependent slgnais) within the UE 330 A. 
[0088] As regards the transmit chain 550, this essen- 
tially includes an input device 520 such as a keyboard, 
keypad, mlcrophuntj ui U ie like. The inpu! device is cou- 
pled in series through transmitter/modulation circuitry 
522 and a power amplifier 524 1o the antenna 502. The 
transmitter/modulation circuitry 522 and the power am- 
plifier 524 are operationally responsive to the controller 
514. 

[0069] In accordance with the preferred embodiment 
of the present invention, the memory element 516 of tho 
UE 330A has been adapted to store the user's profile 
Information, for example different service levels sub- 
scribed to by the user. It is envisaged that such service 
levels provided to the user may be dependent on the 
day or time of day. Furthermore, the signal processor 
508 and PRNG 530, in conjunction with the controller 
51 4, timer 5 1 8 and transmit ch a in fifif) , hn v« been adapt- 
ed to generate service request messages that are com- 
bined with a random number generated by the PRNG 
530, to ensure a secure transmission to the AAAL 
L0070J The current requested service level wouSd be 
sent to the AAAL together with the number generated 
by PRNG 530 to assist In the verification process. Fur- 
thermore, a change to a Service Profile (in the case of 
multiple SPs), orachange of Service Level within a sin- 
gle SP (in the case of, for example, having a service 
attached to the day time) will directly affect the value of 
the SP that will be provided to the UE 0DOA. Such chang- 
es can be effected by selection of the appropriate PRNG 
number or may be included as various SP options stored 
in memory element 516, 

[0071] it Is within the contemplation of the Invention 
that such a service request procedure and service pro- 
files may be introduced to the UE 330A in the form of 
proooeeor-lmplamontable instructions ancVor data. 
[0072] It is within the contemplation of the invention 
that the processor 508 and/or controller 514 described 
in the above embodiments can be embodied in any suit- 
able form of software, firmware or hardware. Further- 
more, Jhe various components within the UE 330A are 
realised In this embodiment in integrated component 
form Of coursn. in other embodiments, they may be re- 
alized in discrete form, or a mixture of integrated com- 
ponents and discrete components, or indeed any other 
suitable form. Further, In this embodiment the controller 
514 is implemented as a programmable processor, but 
in other embodiments can comprise dedicated circuitry 
or any other suitable form. 

[0073] Additionally, the processor 508 and/orcontrol- 
ler 514 may be controlled by processor-implementable 
instructions and/or data, for carrying out the methods 
and processes described, which are stored in a storage 
medium or memory, for oxamplo tho memory 616. Tho 



memory can be a circuit component or module, e.g. a 
RAM or PROM, or a removable storage medium such 
as a disk, or other suitable medium. 
[0074] Referring now to FIG. 6, a mechanism 600 for 

s a userto dynamically modify a service profile In accord- 
ance with a preferred embodiment of the present inven- 
tion is illustrated, it is within the contemplation of the in- 
vention that if the profile of the user Indicates that, at a 
particular time, his service level (SL) will change, and 

10 then the UE 330A will automatically transmit a SL 
change request message 61 0 to the AAAL server 420. 
Alternatively, such a request may be initiated by the us- 
er, for example by selecting a service profile or level of 
service from a list contained with the SIM card of the UE 

is 330A and displayed on the display fit 0 

[0075] In accordance with the preferred embodiment 
of the present Invention, as described with respect to 
FIG. 4, the AAAL server 420 authorizes 620 the UE 
330A as bet ng able to modfty the SL. Once authorization 

so has been received, the UE 330A transmits the new SL 
demand 640 with a new SP-ID to the AAAL server 420, 
In response to the new SP-ID. the AAAL server 420 
makes the same checks as before a nd grants 650 a new 
service level 630 to the UE 330A. 

25 [0076] It Is within the contemplation of the Invention 
thai a full list o[ available SPs may be stored In the UE 
330A. As such, the user is provided with the ability to 
select or modify Its S P in the same manner as described 
above with regard to SLs. 

so [0077] In this manner, the UE 330A is able to initiate 
new levels of service when having roamed into a visitor 
domain. It Is within the contemplation of the invention 
that the UE user may be offered the facility to dynaml 
cally change the SL, presumably tor a charge to be ap- 

as plied by the visiting domain operator. 

[0078] It will be understood that the terminal-based 
service Identification mechanism described above pro- 
vides at least the following advantages: 

■M (i) It minimizes the signalling between the home do- 

main and the visited domain; 

(ii) It provides dynamic SUSP authorization of the 
userto access services; 

(iii) It provides scalability, as the different visited do- 
« mains do not need to keep information aboui each 

user. Only a key is needed; 
(Iv) It provides user selectable profile selection; and 
(v) It provides an easy accounting model for roam- 
ing users. 

so 

[0079] II Is within the contemplation ol the Invention 
that other communication systems could employ com- 
parable techniques, for example utilise the aforemen- 
tioned inventive concepts in selecting or modlfyln g other 
55 user profiles' or user priorities. Furthermore, other sys- 
tems may implement remote servers In a different man- 
nerto the AAALdescribed above with respect to a3GPP 
Dyetom, but etill utilise the aforementioned inventive 
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concepts. 

[0080] Whilst the specific and preferred implementa- 
tions of the embodiments of the present invention are 
described above, it is clear that one skilled In the art 
could readily apply variations and modifications of such 
inventive concepts. 

[0081] Thus, an improved communication system, 
communication u nit and method of facllltati ng AAA serv- 
ices have been described wherein the abovementioned 
disadvantages associated with prior art arrangements 
have been substantially alleviated. 



Claims 

1. A terminal-based service identification method 
(400) for a wireless cell-based communication sys- 
tem (300), the wireless cell-based communication 
system (300) including a home domain cell (390) 
and at least one visitor domain celi (370) wherein a 
roaming wireless subscriber terminal (330A) is as- 
signed to said home domain cell (390) and roams 
into a visitor cell (370), the method characterised 
by the steps of: 

storing authorization data m said roaming wire- 
less subscriber terminal to allow said roaming 
wireless subscriber terminal to operate In said 
visitor domain cell; 

transmitting (430) said authorization data (438) 
from the roaming wireless subscriber terminal 
(330A) lo a server (420) in said visitor eel I (370); 
and 

receiving said authorization data from the 
roaming wireless subscriber terminal (330A) by 
said server (370 B) in said visitor cell (370) and 
authorizing (480) a service to said roaming 
wireless subscriber terminal (330A) in said vis- 
itor cell (370) in response to said authorization 
data. 

2. The terminal-based service Identification method 
(400) according to Claim 1, the method further 
characterised by the step of: 

mapping (450) said authorization data with 
SRrvicfi prnfile data of a plurality of servers fay 
said server, to determine what services are to 
be made available to said roaming wireless 
subscriber terminal (330A). 

3. The terminal-based service identification method 
(400) according to Claim 1 or Claim 2, wherein said 
server (420) performs al least onB of the following 
functions with respect to said roaming wireless sub- 
scriber terminal: 

(i) authentication of said roaming wirclcao 3ub 



scriber terminal, 

(ii) authorisation of said roaming wireless sub- 
scriber terminal, 

(ill) accounting nf service(s) used by eafd roam- 
5 Ing wireless subscriber terminal. 

4. The terminal-based service identification method 
(400) according to any preceding Claim, the method 
further characterised by the step of: 

it) 

authorizing (480) said roamina wireless sub- 
scriber terminal (330A) for a service or level of 
service (465) as indicated in said authorisation 
data. 

5. The terminal-based service identification method 
(400) according to any preceding Claim, wherein 
said authorization data Is generated using a random 
number generator (530) to indicate a service or lev- 

20 el of service (465) to be provided to said roaming 
wireless subscriber terminal (330A) using a se- 
cured identification exchange. 

6. The terminal-based service identification method 
ss (400) accordinglo any preceding Claim, themethod 

further character ised by the step of: 

modifying said authorization data by said roam- 
ing wireless suhsnriher terminal (330A) to indi- 
30 cate a modified service or modified level of 

service to be made available to said roaming 
wireless subscriber terminal (330A) by said 
server (420) In said visitor cell (370). 

35 7. The terminal-based service identification method 
(400) according to Claim 6, wherein said step of 
modifying is Initiated automatically, for example in 
response to a day or time of day. 

*o 8. The terminal-baaed seivice identification method 
(400) according to Claim 6, wherein said step of 
modifying a service or level of service to be made 
available to said roaming wireless subscriber termi- 
nal (330A) is user selectable. 

45 

9. The terminal-based service identification method 
(400) according to any preceding Claim, wherein 
said step of storing authorization data in said roam- 
ing wireless subscriber terminal (330A) includes 

» storing said authorization data In a use r*s subscriber 
Identity module card associated with said roaming 
wireless subscriber terminal (330A). 

10. A terminal-based service modification method 
« (600) for a wireless cell-based communication sys- 
tem (300), the wireless cell-based communication 
system (300) including a home domain cell (390) 
and a visitor domain cell (370) wherein a roaming 
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wireless subscriber terminal (330A) Is assigned lu 
said home domain call (390) and roams Into said 
visitor cell (370), the method characterised by the 
steps of: 

modifying (630) a service profile of said roam- 
ing wireless subscriber terminal (330A) by said 
loaniiny wireless subscriber terminal (330A); 
transmitting (640) said modified service profile 
from said roaming wireless subscriber terminal 
to a server supporting said visitor domain cell 
(370); 

receiving said modified service prof lie from said 
roaming wireless subscriber terminal (330A) at 

eaid eorvor (J120); and 

authorizing (650) a change in a service or level 
of service (640, 465) provided to said roaming 
wireless subscriber terminal (330A) in re- 
sponse to said modified service profile (630). 

11. The terminai-based service modification method 
(fiClO) according to Claim 10. Further characterised 
by the step of: 



i. A wireless subscriber terminal (330A) for commu- 
nicating In a wireless cell-based communication 
system (300) wherein the wireless subscriber ter- 
minal (330A) is assigned to a home cell (390) and 
is capable of roaming into a visitor cell (370), the 
wireless subscriber terminal (330A) comprising; 

a tranemittar (550) for transmitting messages 
to a wireless communication server (420); and 
a memory element (516) operably coupled to 
said transmitter 

the wireless subscriber terminal (330A) character- 
ised in that said memory element (516) contains 
service profile information (434) related to said user 
for transmitting to a server (420) of a visitor cell 
(370) In ortferto access a service or level of service 
(465) from said server (420). 

so 16. The wireless subscriber terminal (330A) according 
to Claim 1 5 wherein said memory element (51 6) is 
a subscriber identity module card associated with 
said wireless subscriber terminal (330A). 



comparing said received modified service pro- 
file with a service profile dalabastj (480) in said 
server (420) to determine whether said roami ng 
wireless subscriber terminal (330A) is author- 
ised to modify or operate said service or level 
of service (640, 465) provided to said roaming 
wireless subscriber terminal (330A). 



25 17. The wireless subscriber terminal (330A) according 
to Claims 1D or Claim 16, the wireless subscriber 
terminal (330A) further characterised by a proces- 
sor (SOB) operably coupled to said memory element 
(516) and said transmitter (550) and configured to 

30 be able to modify said wireless subscriber terminal's 
(330A) service profile information (434). 



12. The termlnal-baaed service modification method 
(600) according to Claim 1 1 , further characterised 
by the step of: 

transmitting initially a service modification re- 
quest (610) from said roaming wireless sub- 
scriber terminal (330A) to said server (420) to 
obtain authorization (620) for changing said 
service or level of service (640, 465) provided 
to said roaming wireiess subscriber terminal 
priorto said step of transmitting (640) said mod- 
ified service protite. 

13. The terminal-based service modification method 
(600) according to any of preceding Claims 10 to 

1 2, wherein said step of modifying is initiated auto- 
matically, for example In response to a day or time 
of day. 

14. The terminal-based service modification method 
(600) according to any of preceding Claims 10 to 

13, wherein said step of modifying a service or level 
of service (640, 465) to be made available to said 
roaming wireless subscriber terminal 330A) is user 
selectable. 



18. Tho wireless eubecribor terminal (330A) according 
to Claim 17, further characterised by user input 
35 means (520) operably coupled to said processor to 
enable a user of said wireless subscriber terminal 
(330A) to modify said wireless subscriber terminal's 
(330A) service profile Information (434). 

40 19. Thf> wireless subscriber terminal (330A) according 
to Bny of preceding Claims 15 to 18, wherein said 
service profile information (434) is automatically 
modified, for example in response to a day or time 
of day. 

45 

20, The wireless subscriber terminal (330A) according 
to any of preceding Cialms 15 to 19, wherein said 
transmitter (550) transmits a request to said server 
(420) of said visitorcell (370) to modify a service or 

so level of service (465) accessed from said server 
(420). 

21, The wireless subscriber terminal (330A) according 
to any of preceding Claims 151o 20, further char- 

55 acterisedbya random numbergenerator(530) op- 
erably coupled to said memory element (516) 
wherein an output of said random number generator 
(530) is combined with said serv^n profile Infnrma- 
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tlon (404) to provide a random seuure transmission 
of said service profile information (434) to said vis- 
itor cell server (420), 

22. A server (420) Tor a celt of a wireless cell-based s 
communication system (300) having a plurality of 
cells and supporting a plurality of roaming wireless 
subscriber terminate (330A), wherein a rooming 
wireless subscriber terminal (330A) is assigned to 

a home cell (390) and is capable of roaming Into a iq 
Visitor cell (370), the server (420) characterised 
by: 

a service profile database (370B) storing serv- 
ice profiles for a number of said calls; and >s 
a processor (50a) operably coupled to said 
service profile database (370 B) providing a pro- 
file mapping function (450) 1o map a service 
profile request tram a roaming wireless sub- 
scriber terminal (330A) to said service profiles so 
to determine a service Dr level of service (465) 
to be provided to said roaming wireless sub- 
scriber terminal (330A). 

23. The server (420) according to Claim 22, wherein ss 
said seivei (420) performs one or more of the fol- 
lowing functions: 

(i) determines whether a roaming wireless sub- 
scriberterminal (330A) is authorised to use said 30 
cell supported by said server (420); 

(ii) authenticates said roaming wireless sub- 
ocrlbcr terminal (330A) to use sold cell support- 
ed by said server (420); or 

(iii) accounts for a use by said roaming wireless 3$ 
subscriber terminal (330A) of a service provid- 
ed by said server (420). 
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provided by the visiting cell; 
(ii) At (east one service profile initialisation pa- 
rameter of one or more wireless subscriber ter- 
minals (330 A); nnd 
(111) A users authentication data. 

27. The server (420) according lo any of preceding 
Claims zz to 26. wherein said server (420) further 
characterised by a random number generator 
(530) operably coupled to said processor (508) in 
order to extract at least one service profile con- 
tained In the service profile request from said roam- 
ing wireless subscriber unit (330A) wherein said 
service profile request has been combined with an 
equivalent random number genei sled in said roam- 
ing wireless subscriber unit (330A). 

28. A database (370B) adapted to store service profile 
information (434) according to any of the preceding 
Claims. 

29. A wireless communication unit (330A) adapted to 
perform any of the steps of the terminal -based serv- 
ice Identification method of Claims 1 to 9. 

3d. A wireless communication unit (330A) adapted to 
perform any of the steps of the terminal-based serv- 
ice modification method of Claims 10 to 14, 

31 . A storage medium storing processor-implementa- 
ble instructions for controlling a processor (508} to 
carry out the method of any ol claims 1 to 15. 

32. A wireless communication system (300) adapted to 
facilitate the method steps of any of Claims 1 to 15. 



24. The server (420) according to Claim 22 or Claim 23, 
wherein said wireless coll-basod communication 40 
system (300) is a third generation wireless commu- 
nication system (300), and said server (420) per- 
forms an aulhentication , authorisation and accou nt- 

ing function as a visitor cell (370) for a wireless sub- 
scriber terminal (330 A) within a serving general 4S 
packet radio system support node (370A). 

25. The server (420) according to any ol preceding 
Claims 22 to 24, wherein said server (420) main- 
tains information about other servers (390A) sup- so 
porting other cells In II ie cell-based wireless com- 
munication system (300). 

26. The server (420) according to Claim 25, wherein 
said information includes one or more of the fol low- 55 
ing: 

(I) A service level specification for each service 
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